Enterprise risk management

Late in 2005, I travelled to Australia and Dubai, first to attend the Risk Management Institute of Australasia (RMIA) conference, and then to address the Middle East enterprise risk management and business continuity conference in Dubai.

What struck me were the differences in approach between the two. Although the Australian conference did not specifically focus on enterprise risk management (ERM), it appeared implicit. However, in Dubai the first day of the conference was given over to ERM as a separate subject, which perhaps for the business continuity managers present, it was.

The Institute of Risk Management (IRM) does not focus separately on ERM.

The reason for this is that the totality of the risk message expounded by the IRM syllabus addresses what is known as ERM. Our diploma subject groupings represent a broad stratum, ranging from risk assessment, analysis and evaluation and risk management, organisation and context through to corporate governance, information systems risk and business continuity, and crisis management.

This broad approach to risk also runs throughout our practitioner level Certificate in Risk Management and short training courses. The IRM believes that a properly educated risk manager should have the holistic skills to manage risk for an organisation. They include the breadth of vision necessary to view risk from an enterprise wide viewpoint.
Here is a further case for viewing risk holistically: on 14 December 2005, the Treasury, Financial Services Authority, and the Bank of England (the tripartite authorities) published a survey on the UK financial sector's ability to cope with a major disruption, Results showed that many organisations had meticulous planning ('Their preparedness stands the sector in good stead in terms of its overall level of resilience and ability to recover'), but did not really take into account more rounded business continuity principles, for example, human issues such as staff suffering trauma or fatigue.

It is so easy to focus narrowly in risk issues. For instance, if you are relating only to Sarbanes-Oxley and concentrating on financial risk, it can very easily lead you to miss the bigger picture that the true risk manager needs to consider. If as risk managers, we are serious about thinking strategically about risk, then consideration of ERM must be a high priority on our action list. I am sure we would all support this view; perhaps 2006 will be the year we make it happen?

Mike Walker is chairman of the Institute of Risk Management and head of risk management at Currie & Brown Consulting.